Exemplo n.º 1
 //Sign-in handler: runs when the sign-in form was submitted ("go" field present).
 //It validates the three form fields, checks the credentials against `webapp_users`,
 //then stores the user record in the session and issues the "ok" / "id_country" cookies.
 //The excerpt ends inside the nested ifs; the closing braces are not part of this listing.
 if (isset($_POST["go"])) {
     //Login & pass from form
     //NOTE(review): checkInput() is defined elsewhere; presumably it returns false when the
     //value does not match the given pattern - confirm, and confirm whether it escapes anything.
     $login = strtolower(checkInput("post", "login", "/^[a-zA-Z0-9]{1,}\$/"));
     //NOTE(review): /.*/ accepts any value, so unless checkInput() escapes its result,
     //quote characters in the password reach the SQL string below unchanged.
     $password = checkInput("post", "password", "/.*/");
     $id_country = checkInput("post", "id_country", "/^[1-4]\$/");
     //If inputs are ok
     //Loose comparison: a value such as "0" also compares equal to false and is rejected here.
     if ($login != false && $password != false && $id_country != false) {
         //Check user
         $db = connectDataBase();
         //NOTE(review): the statement is built by string interpolation. $login is limited to
         //alphanumerics by its pattern, but $password is not, so this is an SQL injection risk
         //on the authentication query; a prepared statement with bound parameters removes it.
         //NOTE(review): SHA1() is a fast hash and no salt is applied here; password_hash() /
         //password_verify() are the usual replacement.
         $sql = "SELECT `user_login`, `group_name` FROM `webapp_users`\n\t\t\t\t\tWHERE `user_login` = '{$login}'\n\t\t\t\t\tAND `user_pass` = SHA1('{$password}')\n\t\t\t\t\tLIMIT 1;";
         $query = $db->query($sql);
         //Ok if one result
         if ($query->rowCount() == 1) {
             //Save user information in session
             //NOTE(review): no session_regenerate_id() call is visible in this excerpt before the
             //identity is stored - confirm it happens elsewhere (session fixation).
             $_SESSION["user"] = getInfosFromLogin($login);
             //If account is correctly configured
             if ($_SESSION["user"] != false) {
                 //Create cookies
                 //NOTE(review): the token depends only on $cookie_password and the login, so it is
                 //the same on every sign-in, cannot be revoked for one session, and can be derived
                 //for any login by whoever knows $cookie_password. A random per-session token
                 //(random_bytes()) kept server-side avoids this.
                 $hash = hash("sha512", "{$cookie_password} {$login}");
                 //NOTE(review): setcookie() is called without its secure/httponly arguments, so
                 //both flags stay off; $cookie_time_to_live and $cookie_path are defined elsewhere.
                 setcookie("ok", $hash, $cookie_time_to_live, "/" . $cookie_path . "/");
                 //The country id is handed to the client here; it must be re-validated when read back.
                 setcookie("id_country", $id_country, $cookie_time_to_live, "/" . $cookie_path . "/");
                 //Create user file cache
                 createFile("", $hash);
                 //Ok in session
                 $_SESSION["ok"] = $hash;
                 //---------------------------------------------------------------------------
                 //
                 // Install database --- Start
                 //
                 //---------------------------------------------------------------------------
Exemplo n.º 2
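/**
 * Tells whether the current visitor is authenticated and allowed on the running page.
 *
 * Authentication: a visitor with an "ok" cookie is re-identified through
 * getLoginFromCookie() and the session is (re)filled from that login; a visitor
 * without the cookie is accepted when the session already carries "ok".
 *
 * Authorisation: group "root" is always allowed. Other groups are checked against
 * the page rules held in the globals $area_default ("allow" or "deny"),
 * $area_allow and $area_deny; a page without rules is open to every
 * authenticated user.
 *
 * Compared with the earlier version this one fails closed when no usable user
 * record is in the session, compares group names strictly, tolerates rule lists
 * that are not arrays, and no longer reads a missing "id_country" cookie.
 *
 * @return bool true when access is granted, false otherwise
 */
function check_connected()
{
    //Kept from the original declaration; not read in this function
    global $cookie_password;
    global $area_default, $area_allow, $area_deny;

    //No cookie and no session marker: the visitor never signed in
    if (!isset($_COOKIE["ok"]) && !isset($_SESSION["ok"])) {
        return false;
    }

    //A cookie takes precedence over an existing session, as before
    if (isset($_COOKIE["ok"])) {
        $login = getLoginFromCookie();
        //Bad authentication: the cookie does not map to a login
        if ($login == false) {
            return false;
        }
        $_SESSION["user"] = getInfosFromLogin($login);
        $_SESSION["ok"] = $_COOKIE["ok"];
        //The cookie is client-controlled: it may be absent or sent as an array.
        //NOTE(review): the accepted range should be re-checked here with the same
        //rule the sign-in form applies before the value is used anywhere.
        $country = isset($_COOKIE["id_country"]) ? $_COOKIE["id_country"] : null;
        $_SESSION["id_country"] = is_string($country) ? $country : null;
    }

    //Fail closed: without a user record there is no group to authorise.
    //getInfosFromLogin() can yield a non-array (the sign-in code tests it against
    //false), and the previous version let such a session through on pages without rules.
    if (!isset($_SESSION["user"]) || !is_array($_SESSION["user"])) {
        return false;
    }
    $group = isset($_SESSION["user"]["group"]) ? $_SESSION["user"]["group"] : null;

    //Strict comparison so that a non-string group can never compare equal to "root"
    if ($group === "root") {
        return true;
    }

    //The running page has no rules: every authenticated user is allowed
    if (empty($area_allow) && empty($area_deny)) {
        return true;
    }

    //A rule list that is unset or not an array is treated as empty
    $allowed = is_array($area_allow) ? $area_allow : array();
    $denied = is_array($area_deny) ? $area_deny : array();

    //Default : everybody is allowed, except the listed groups
    if ($area_default === "allow") {
        return !in_array($group, $denied, true);
    }
    //Default : everybody is denied, except the listed groups
    if ($area_default === "deny") {
        return in_array($group, $allowed, true);
    }

    //NOTE(review): rules are present but $area_default is neither "allow" nor "deny".
    //The original grants access in that case and this is preserved; confirm whether
    //such pages should be denied instead.
    return true;
}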